Info Tech Final
Risk Area: Hardware
#1 cause of system downtime major causes: 1. natural disasters 2. blackout: total loss of electricity 3. brownouts: partial loss of electricity 4. vandalism
Risk Area: Data
0. Leaked Data 1. Alteration 2. Destruction 3. Web defacement Done through 1. Malware: software designed to gain unauthorized access to a computer; includes spyware 2. Keylogging: most common purpose of malicious spyware; captures keystrokes 3. Bots: installing software that performs repetitive tasks
Fair Information Practice Principles (FIPP)
1) Notice / Awareness: consumers should be notified before personal information is collected, namely who, what, where, why and how will the data be collected, including who it will be shared with, as well as steps to ensure the confidentiality of the data 2) Choice / Consent: Consumers should be able to opt in or out of data collection, and consent must be explicitly given to use their data, and this process should be fair and clear. 3) Access / Participation: Consumers must be able to view the data collected by the company 4) Integrity / Security: Data collected should be accurate and kept secure from both internal and external security threats. 5) Enforcement / Redress: a) Collection of the information must be regulated by the company / a regulatory body b) Remedies must be provided to consumers whose information is compromised c) Government can levy penalties
Goals of Info Security (CIA Triad)
1. Confidentiality 2. Integrity 3. Availability
How Search Engines Operate
1. Crawling & building index (spiders get billions of interconnected documents, extract code from them, and store in database) 2. Providing solution: returns results and ranks based on query
European GDPR (Global Data Protection Regulation)
- Personal data must be processed in a lawful, fair and transparent manner - Requires consent / opt-in of customers - Users should be able to access their data upon request - 72 hour notification after data breach - Specifies steps the company collecting the data must take to protect consumer data
Recovery Planning
Business recovery plan: a detailed plan about what should be done and by whom if critical systems go down; also called disaster recovery plan, business resumption plan, or business continuity plan Hot site: alternative sites that a business can use when a disaster occurs; backup sites provide desks, computer systems, and internet links
Factors in Successful Web Enabled Businesses
Business success depends on availability and use of proper software. Elements needed to support B2C commerce: 1. targeting right customers through ads 2. capturing customer's complete experience (cookies & CRM) 3. personalizing the experience (CRM, data to personalize web pages, emails, product offers) 4. shortening the business cycle (speed up shipping & payment process) 5. letting customers help themselves (FAQs, order status, etc.) 6. being proactive (value add, superb servicing)
Networking Services: Cable & DSL
Digital subscriber line (DSL): data remains digital through entire transmission; uses telephone lines connected to DSL bridge (DSL modem) to transmit; transmission bit rates are closely related to distance from telephone company's central office Broadband over Power Lines (BPL): uses electric power lines to carry digital signals; utility companies partner with telecommunications companies to provide the service Cable: Internet links provided by television cable firms; at residence, cable is split into TV set and computer via bridge called modem; connection speeds may be slower as more subscribers join the service T1 and T3 Lines: point-to-point dedicated digital circuits provided by telephone companies; T1 is 24 channels, 64Kbps each; T3 is 672 channels, 64 kbps each; EXPENSIVE; universities and large companies for backbone and Internet connections Fiber to the Home (FTTH): optical fibers used to connect a building to the Internet; connect computers or LAN routers to optical fiber socket Optical carrier (OC): provides service through optical fiber lines; EXPENSIVE; HIGH connection speeds - base rate 51.84 Mbps; used by ISPs, search engine providers, content-rich or high-traffic websites
Risk Area: Info Systems
Downtime: the period of time during which an IS is not available. In 2016, 700b in losses due to downtime. Varies depending on industry, company, etc. Avg. cost of network downtime is 5600 per minute, 300,000 per hour
Cryptocurrency
Electronic peer-to-peer currency that uses cryptography for security that is secured by an algorithm
Encryption
Encryption: coding a message into an unreadable form Two types: 1. Symmetric: sender and recipient use same key 2. Asymmetric: both a public and a private key are used; so senders of info can lock the info using public key, but cannot unlock using private key. (Explanation: public/private key can be used to unlock/lock. Basically, private key can only be used by you. Choose which function it should serve. You always give away public key.) HTTPS: the secure version of HTTP that uses TLS Transport Layer Security (TLS): many layers of symmetric and asymmetric encryption Digital Signature/Certificate: sender creates a message digest (via hashing the message) and then locks it with their private key and create a digital signature (signing with your private key). Sender will also send the actual message. Sender then takes both the digital signature and the plain message and locks it with receiver's public key. Then receiver locks both with private key. Then receiver hashes the plain message. If that hash does not match the unlocked digital signature, then we know someone has tampered with the message. REVIEW / WATCH A VIDEO ^^^
Firewalls & Proxy Servers
Firewall: hardware and software that blocks access to computing resources; best defense against unauthorized access over the Internet; now routinely integrated into routers Proxy Server: "represents" another server for all info requests from resources inside the trusted network; so people can access the proxy server but not the web server itself DMZ: demilitarized zone approach; one end of the network is connected to the trusted network, and the other end to the Internet connections is established using a proxy server; ensures that even if people get into proxy server, they cannot get into the main internal web server and access data
Global Challenges
Global Challenges: • Government Regulations (censorship) • Tariffs / Taxes for International Businesses • Differences in Payment Mechanisms (Chip & PIN In Europe, credit cards in North America, cash in developing world) • Language Differences • Cultural Differences • Different standards (measurements, temperature, dates, addresses, etc) • Different Privacy & Data Collection Laws • Different Time Zones • Technological Challenges
Systems Analysis
Part of SDLC Investigate Economic Feasibility Study: Cost Benefit Analysis, ROI, TCO (total cost of ownership) Operational Feasibility: depends on organizational culture Requirements Definition:
Protocols for the Internet
Rules of the Internet Transfer Control Protocol (TCP): establishes how data overall is transferred through internet Internet Protocol (IP): rules around delivery to specific address Hyper Text Transfer Protocol (HTTP): protocol for transferring text from one user to another (HTTPS is secure text transfer) File Transfer Protocol (FTP): rules for transferring files Simple Mail Transfer Protocol (SMTP) Vocal Internet Protocol (VoIP): rules for transferring of voice over Internet
Networking Hardware
Switch: device used as a central location to connect computers or devices to a local network Bridge: connects two networks Router: routes data packets to the next node on the path to the final destination Firewall: protects against unauthorized access to the network ////// Internet --> Router --> Firewall --> Switch
Technological Challenges
Technological Challenges: 1. Infrastructure: Not all countries have adequate information technology infrastructure to allow companies to build an international IS, and broadband communication lines are needed to support today's graphics-rich webpages 2. Language is another technological challenge as eight-bit byte code is not sufficient for languages with large character sets; - Solution: Unicode allows for 65,536 characters 3. Different Formats: Telephone numbers, dates, measurement standards, postal code formats, etc. are different globally - Solution: Must coordinate with databases and applications
Developing vs. Outsourcing (Buying / Renting) Software
The run of the mill things Review slides if you want Questions to ask yourself: How important is the software to the running of your business? If it is, develop. Can you hire the expertise that you need?
Networking Services
Variety of options when subscribing to network services Downstream: speed of receiving from network - in order: DSL, T1, BPL, Cable, T3, OC-3, OC-12, OC-48, OC-192, OC-255 Upstream: speed of transmitting to network Services with lower rates for upstream than downstream are suitable for most individuals and businesses (tighter security)
Decision Support Systems (DSS)
a computer-based information system designed to help knowledge workers select one of many alternative solutions to a problem includes all below Data Management Module Model Management Module Dialog Module
Virtual Private Network (VPN)
a public network connection that creates the illusion of a private network connection; enables use of intranets and extranets; offers greater security and privacy for companies
Employee Knowledge Network
a tool that facilitates knowledge sharing through intranets helps connect employees with experts
Online Analytical Processing (OLAP)
a type of application used to exploit multiple data warehouses (relational or dimensional) at once extremely fast response times; user can view multiple combinations of two dimensions by rotating virtual cubes of info Drilling down: the process of starting with broad information and then retrieving more specific information as numbers or percentages dimensional database: cube of data with multiple parameters GOOD FOR EXECUTIVES
Single sign-on (SSO)
a user must enter his or her name/password only once; saves time
Denial of service (DoS)
attacker launches a large number of info requests, slowing down legit traffic to the site ex: 'proxy server timed out'
Data Management Module:
database or data warehouse that provides data for the intelligence phase; access and selects based on criteria
Structured Problem vs. Unstructured Problem
the more info you get, the more structured a decision becomes; ex: tablet for Kimball's, Google, janitor at Google structured problem: one in which an optimal solution can be reached through a single set of steps; ex: math or physics, not business problems - algorithm: sequence of steps to complete task - parameters: categories of data considered in algorithm semi-structured problem: professionals encounter almost daily; choose alternative that will give best outcome unstructured problem: no algorithm for optimal solution; not enough info or large number of potential factors; ex: weather prediction, stock market prediction the more unstructured, the more uncertain
Telecommunications
the transmittal of data and information from one point to another ex: cell phones, videoconferencing, p2p file sharing (locating and downloading files from any online computer through Internet), web-empowered commerce
Business Decision Making Process
three phases: 1. Intelligence Phase: collect facts, beliefs and ideas 2. Design Phase: design the method for considering their collected data, to reduce the alternatives to a manageable number 3. Analyze / Choice Phase: using the method designed to choose a solution
LiFi
uses light waves instead of radio waves to transfer data
Communications Media: Tangible
1. Twisted pair cable: pairs of insulated copper wires twisted together; flexible, reliable, low-cost; connects devices with RJ-45 plug-in connector 2. Coaxial cable: for cable television transmission; used for Internet connections via cable 3. Optical fiber: uses light to represent bits; not susceptible to EMI (electromagnetic interference); can carry signals for long distances 4. Electrical power lines: electrical power grid can be used for telecommunication; Broadband over Power Lines (BPL) or Power Line Communication (PLC)
How Data is Compromised
1. Virus: spread from computer to computer by sharing things 2. Worm: spreads in network without human intervention 3. Trojan horse: virus disguised as legit software 4. Logic bomb: software that is programmed to cause damage at a specific time Reasons: poor training lack of adherence to backup procedures unauthorized downloading human error
Wireless Protocols
set of rules for governing communication between computers; TCP - transmission control protocol /IP Ethernet (IEEE 802.3): LAN protocol using coaxial or twisted pair cable Gigabit Ethernet (IEEE 802.3ab): faster Ethernet connection of one Gbps or greater IEEE 802.11: a family of wireless protocols known as Wi-Fi (wireless fidelity); supports communication within 100 meters of router; speeds up to 248 Mbps; 802.11ac for MAN has highest in 300s Access Point (AP): connection between wireless device and a wired network; Hotspot allows Internet access within range Encryption: functions of protocols that scrambles and encodes messages Bluetooth (IEEE 802.15): allows devices to communicate within 10 meters; considered a PAN technology Worldwide Interoperability for Microwave Access (WiMAX) (IEEE 802.16): increases the range and speed of wireless communication; works within MANs and can be used as backup network CHECK THE SUMMARY PAGE (HORRIBLE, MERCILESS MAN)
Atomic Controls
Atomic transaction: a set of indivisible transactions - Requires all of the transactions in the set to be completely executed, or none are executed - Ensures that only full entry occurs in all the appropriate files to guarantee integrity of the data - Is a control against malfunction and also prevents fraud particularly about integrity
Audit trail
Audit trail: tagging; a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval (sometimes automatic using timestamps) Information systems auditor: a person whose job it is to find and investigate fraudulent cases
Access Controls / Authentication
Authentication: ensuring you are who you say you are Access controls: ensure only authorized users have access to a computer, network, app, data 1. Physical locks: secure equipment 2. Software locks: determine who is authorized Types of access controls 1. What you know: access codes (ID and password) 2. What you have: requires special devices 3. Who you are: unique physical characteristics (biometrics, i.e. fingerprint) Security card is more secure than a password
Knowledge Taxonomy
Autocategorization (Automatic Taxonomy): automates classification of data into categories for future retrieval; used by most companies to manage data, used by search engines, constantly improved ex: surveys tagged using text analytics, web content categorization
What are websites made of?
Content - HTML (Hyper Text Mark-up Language); HTML5 allows for embedded video, geolocation using Java; APIs (application programming interfaces) are add-ons Style - CSS (Cascading Style sheets) - good for changing layout depending on device Interaction - JavaScript (cross-platform, object-oriented); DOM (document object model) - look in document, get object by id, embed something within it
Risk Controls (flashcard 30-34)
Controls: constraints and restrictions imposed on a user or a system; helped to secure against risks; ensure that nonsensical data is not entered; can reduce damage...
Blockchain
Blockchain is a digital ledger in which transactions made in cryptocurrency are recorded chronologically and publicly (available for anyone to see); it contains a cryptographic hash of the previous block, a timestamp and transaction data. A blockchain record is nearly impossible to change, especially as time goes on, as you have to change all the links after the piece in order to alter the record and crack through various security codes for each one. This would require a collusion of the network majority.
Calculating Downtime
CBA: benefit of greater uptime vs. added cost Mission-critical systems must be connected to an alternative source of power, duplicated with a redundant system, or both The greater the number of interdependent systems, the greater the expected downtime Redundancies reduce expected downtime Downtime defined as number of 9s of uptime... e.g. Two 9s is 99%, four 9s is 99.99%. Can convert to total downtime. Two 9s = 1% downtime = 0.01 * 365 * 24 = 87.6 hrs Four 9s = .0001 * 365 * 24 = .876 hours or 52 minutes
Considerations in Selecting Web Host
Compare host vendors using a point system (like in book) 1. Dynamic webpages: enable communication between shopper's browser and the database 2. Content management systems: product for building and maintaining websites Factors to consider when selecting web host: a. Allows use of database management system b. Storage space capacity c. Technical and web site design support d. Scalability e. Security: physical and virtual f. Availability: minimize downtime g. Setup and monthly fees
Factors determining IT Plans & Benefits
Competitive Environment, Senior Management, Line Managers, IT Professionals, Users
IT Mission & Vision Hierarchy
Corporate Mission - overarching goal and how it will be achieved IT Mission - role of IT IT Vision - ideal tech IT Strategic Planning - implementation of IT, goals to be achieved IT Tactical Planning - broken down into objectives, which are broken down into more tactical details (resources, staffing, timetables, training) (Fill in rest)
Risk Area: Online Operations
Cyber terrorism: terrorist attacks on business organization info systems with intent to: disrupt network communication, implement denial of service attacks, destroy/steal corp/gov info How? unauthorized access 1. phishing: sending users an e-mail with a malicious link or attachment 2. pharming: re-directing users to fake site (ex: texts with links) denial of service (DoS) / DDoS
Tableau (NEED TO DO MORE HERE)
Data Pane (left side of workbook) contains: dimensions: fields that contain qualitative, categorical, descriptive values; 'Id', 'Name', 'Data', 'type' measures: Fields that contain numeric, quantitative values; can be aggregated using functions; price, sales, weight pages: allows you to split a view into a number of different individual pages; 'day' filter: filters data in a single chart marks: visual cues; like area, color, labels, details (pop-up box) continuous: green - makes axes discrete: blue - makes headers columns: x-axis, time, label, etc. rows: y-axis, measure details: add details to pop-up box tooltip: edit and format pop-up box building basic visualizations: bar graph, line graph, pie graph, stacked bar charts, tables difference b/t dashboard and stories: dashboard displays multiple visualizations; story is pre-set slideshow to illustrate a point for table: put everything in rows for pie chart: put measure in size, dimension in color, and add labels, marks --> angle for map: measure into color, Country/location into details under "marks"; you cannot visualize cities (uncertain boundaries), only country, state, or zip code --> drag into "details" under "marks" for bubble: marks to circles, make sure dimensions/measures are continuous, measure into size and color dashboard basics: worksheet pane - list of worksheets object area - objects we can add to dashboard sheet new object placement setting area - where we can specify if an object will be a tile or a floating object above tiles layout area - diagram of layout dashboard area - can control size of dashboard on web page
Deep Web vs. Dark Web
Deep web: part of the Internet that contains gov websites - not accessible via standard search - not tagged, so can't find in browser Dark Web: requires special software and browser (Tor) to access; user requests are encrypted and protected - can't track IP address, browsing history, or location - not illegal - some sites only through IP address, not search
Implementation
Delivery of a new system with two steps: conversion and training
Digital Signature in Cryptocurrency
Digital Signature is used in cryptocurrency using a public / private key, or asymmetric encryption to validate who sent the transaction and that the transaction is authentic.
Equifax & Home Depot
Equifax failed to update its web server software, leaving it vulnerable to a security hole. 143 million users' data was leaked Home Depot failed to update its anti-virus software and had not yet implemented its encryption software. Both of these problems seem to stem from poor planning / proactivity and slow departments / out-of-date software
Systems Integration
Examine needs of organization & produce plan and to preserve data flow Organizational initiatives: linking, integrating, sharing
Generations in Mobile Communications
First generation (1G): analog using circuit switching (required large phones, poor quality) (2.4kbps) Second generation (2G): provided digital voice encoding (couldn't handle data or video, but allowed texting... 1 Mbps) Third generation (3G): increased speeds of digital encoding that support video, videoconferencing, and full Internet access... up to 2 Mbps Fourth Generation (4G): digital only, with packet switching and tighter security, much faster (up to 1 Gbps) Fifth Generation (5G): Will be rolled out over next few years... much higher data speeds (up to 20Gbps) Long-Term Evolution (LTE): standard method of wireless communications, specifically for high-speed data transmission for mobile phones
Types of Crypto & Differences
In 2020, there were an estimated 3,000-5,000 cryptocurrencies. March 2022: 18,465, but 10,363 active To create a new currency, you simply just have to write some code. There's no regulatory agency you have to file with or anything else you have to do (like register it, etc). The code and guiding principles of each cryptocurrency are slightly different, and often provide other "value adds" compared to the first digital currency, Bitcoin, which is fairly simple in build. Below are some examples: - Ethereum: coin that allows users to deploy an app in a decentralized manner - Filecoin: provides digital storage - Ripple: Acts as a cryptocurrency and digital network for financial transactions
Amazon Case
In China, tried to implement under US model (what US consumers value), rather than in a specifically Chinese model China: stringent regulations, big competitors (Alibaba), brand conscious, differences in cities and small towns, poor infrastructure, cash, fast internet growth --> COD, last-mile delivery (bikes), did not advertise (but competitors did), price match guarantee, free shipping, created distribution centers; Brazil: economic uncertainty, stringent tax/labor regulations, political instability, poor infrastructure, high competition (Mercado Libre) --> tried to acquire company but were blocked India: poor infrastructure, no zip codes, cash only, fragmented retail market (83% mom and pop) --> bought pre-existing company, last-mile delivery, partnered with mom and pop (1 year free membership and fulfillment by amazon), worked with postal service, free shipping / next day delivery, referral programs, didn't offer other languages like competitor did, had a customer service team already there (could bring in local talent / knowledge) THINGS VARY FROM MARKET TO MARKET, SO IT'S IMPORTANT TO UNDERSTAND THE PREFERENCES OF THE MARKET, TRANSLATE, BE EGALITARIAN, AND AVOID CULTURAL IMPERIALISM (what works in the US will not necessarily work in other markets)
Cybersecurity Case
Intrusion: - Fulfillment system was down - Potential social engineering in case of executive password - Emails that said "Hee, hee, hee" - Hao mentions security flaws in the system that intruders could come through Evidence of No Intrusion: - the attack was on a wide range of IP addresses...DDOS? - Network provider confirmed they had an attack People: - Dave Jensen: kept insisting on rebooting system No intrusion b/c web host is hosting website so DDoS would be on their end Communication: get out in timely manner, make sure shared info is confirmed, simple, don't provide too much information, mention that data is safe or you believe that it is not compromised what we say: vague, not too many specific claims, glitch is fixed, flatter team, attack on web host, actively working with them to address issue, no data has been compromised, etc.
Verizon Data Breach
LOOK AT RECORDING Q1: What were the common tactics for data breaches? - Denial of Service - privilege misuse - system intrusion: getting passwords - web app attacks: getting passwords of people - social engineering: getting passwords - lost or stolen assets - ransomware - phishing - credentials compromised Q2: Which industry was most susceptible to data breaches? - professional, scientific, tech services - finance & insurance - healthcare (mainly internal) - manufacturing Q3: What are some good ways companies can protect their data to protect from various attacks? - data protection - access control (MFA) - account management - security skills training most attacks take place within minutes, but take months to detect
Miners
Miners are responsible for verifying the transaction actually happened and solving a complex algorithm as "proof of work". For their efforts, they are rewarded with virtual currency as a "transaction fee" that is built into the virtual currency script.
Application Reliability & Data Controls
Missed something here Data controls also translate business policies into system features (i.e. resetting password every year) Better training of employees on how to use apps and data controls (i.e. how to spot phishing, pharming emails, protect passwords)
Net Neutrality
Net neutrality is the concept that all content should be treated equally, and ISPs shouldn't receive money to prioritize certain content over others. (pro: freedom of speech (no blocked content), protects customers, promotes competition by leveling playing field; cons: regulations, reduces investment in ISPs, hurts customers) It has been reversed.
Globalization of the Internet
Online manuals replace paper documents Web sites and documentation are presented in many languages Global businesses must be sensitive to local audiences - accommodate languages other than English Glocalization: designing global sites to cater to local needs and preferences (ex: McDonald's menu changes to appeal to local palates)
SDLC (Systems Development Life Cycle) (Waterfall)
Plan Analysis Design Implement Support
Communications Media: Intangible
Radio frequency (RF) technologies: uses radio waves to carry bits; electromagnetic waves between 30KHz and 300 GHz (or 300 billion waves that pass a given point in a second); usually a foot long to several miles long Microwaves: high-frequency radio waves that can carry signals over long distances with high accuracy (i.e. radio, TV); between 300MHz and 300 GHz; weather conditions such as rain, pollen count, etc. may degrade quality; can be transmitted using satellite lines; used in cell phones, bluetooth (that's why dangerous to keep phone close to you) WiFi: somewhere in between Microwave and radio waves RFID: uses radio frequency to transmit data Near-field communication (NFC): a standard communication protocol to create a radio connection between two devices (ApplePay) that is built off of RFID technology; 4cm distance
Supply Chain Management Online
SCM can be connected to web to allow suppliers to participate directly XML (Extensible Markup Language) allows companies to set standards for data exchange Electronic Data Interchange (EDI): a system for electronic document exchange initially implemented through exchange Value-Added Network (VAN) companies (private, hosted service providing companies with secure way to send and share data)
Economics of Information Security
Security measures should be regarded as analogous to insurance Spending for security measures should be proportional to the potential damage A business must assess the minimum acceptable rate of system downtime and ensure that the company can financially sustain the downtime Costs to consider in security measures: cost of the potential damage (=sum of cost of disruption x probability of disruption), cost of implementing a preventative measure as cost of security measures increases, costs of potential damage decreases --> companies find optimal point company must define what needs to be protected security measures should never exceed value of protected system
Tagging Websites
Uniform Resource Locator (URL): unique address given to each web site IP address: special numeric address URL MADE UP OF: Domain name: letters Subdomain: domain part of larger domain; ex: www Top-level domain (TLD): last part of URL; ex: .org, .com HTTP - subdomain - domain - TLD http - www - google - com
Conversion strategies
Timing: 1. Parallel conversion: use old and new system simultaneously; costly 2. cut-over (flash cut) conversion: immediately switch over; risky but inexpensive Groupings: 1. Phased conversion: integrates one department at a time 2. Pilot conversion: introduces via business units; ex: one person per department
Top 10 Data Breaches
Watch video / review slide millions and millions of users' information methods: 1. install malware in devices, etc. 2. stealing employee credentials and logging in / installing key logging 3. internal employees leaking 4. would create backdoor for more people to get in 5. worms spreading without intervention
Evolution of the Web
Web 1.0 (Static Web): Content is created by the website owner; there are static pages with information served from the company's server Web 2.0 (Participative Web / Social web): User generated content and participatory culture for end users; users interact and collaborate (social media, gaming, blogs, wiki, video sharing sites, etc) to enhance Web 3.0 (Semantics Web): Internet data is machine readable; the Web can analyze all the data on the web (and across devices) using AI and ML (to be discussed) to create a "global brain"; ex: chatbot; Tim Berners-Lee's original vision of web Web3 (Decentralized web): Web incorporates blockchain technology and decentralized web deployment
Options for Installing a Website
Website: web pages that make up info and link to site provider's Web technologies Internet server: a computer connected to the Internet backbone OPTIONS: 1. Install and maintain own web server - costly - provides most control - requires expertise - must obtain high-speed link to Web - mirror servers: servers with duplicated content and applications, allows for faster retrieval and backup if main server goes down; large data companies use 2. Contract with web hosting service a. Shared hosting: store client's Website on same physical server as other clients b. Virtual private server hosting: simulates a single server, allowing client to have own domain name c. Dedicated hosting: client can fully control content on rented dedicated servers disks d. Co-location service: server owned and maintained by a client is co-located with other clients' servers in a secure physical location
Satoshi Nakamoto's Paper (2009)
What problems does Satoshi Nakamoto see with existing financial institutions? 1) Non-reversible transactions are not possible, and financial institutions are involved in mediating disputes which increases transaction costs 2) The process of reversal erodes trust; merchants are nervous their customers may reverse a transaction 3) Certain percentage of fraud becomes accepted and in some cases unavoidable 4) There's no method to make an in-person like transaction like traditional money Q: How does the currency he is proposing work? 1) Digital signatures allow for validation of who is sending money to whom 2) The transactions are validated through a proof of work that will reside on a network 3) The building of chains will outpace attackers
Artificial Intelligence (AI)
developing computers so that they can perform tasks that normally require human intelligence, such as cognition or reasoning
Weak AI: machines can respond to specific situations, but can't really think like humans; ex: expert systems, decision systems; Machine Learning
Strong AI: can think, process and respond like a human, e.g. cognition, speech recognition, variability; Deep Learning
Knowledge Workers
research, prepare, and provide info; orgs should require workers to create reports of findings & about sessions with clients
Machine Learning
code that allows machines to learn from info that is input; implemented via code, algorithms, data mining techniques; ex: Netflix predicts a movie you like; weak AI
Network
combination of devices (or nodes) connected through a communication medium
PAN: personal area network; designed for handheld/portable devices; slower transmission speed; max distance 10 meters
LAN: local area network; single organization; server-based or peer-to-peer; 5-6 km
WiFi/WLAN: wireless local area network; radio waves used to connect devices to each other and the Internet; advantages: easier installation, more scalable, more flexible; less secure than wired LANs
MAN: metropolitan area network; links multiple LANs within a large city; uses fiber optic or wireless broadband connections between LANs; 50 km; cities, universities, hospitals
WAN: wide area network; far-reaching networks composed of LANs or MANs; public or private; more than 30 miles
How the internet works
1. Connect computer to router, which creates local network and specified IP address
2. Modem connects router to ISP
3. ISP requests info from Domain Name Server (DNS)
4. DNS uses IP (Internet Protocol) to determine IP address of the Web Server (where specific data, text, etc. is stored)
5. ISP requests info from Web Server, and their ISP sends packets of info back to your ISP to send to laptop within local network
6. Browser then combines packets and displays info in browser
In the Internet, many web servers are connected to many local networks, and these local networks are connected to each other via ISPs
Current State / Future of Crypto
crypto fluctuates; peaked in Dec 2017; banks, hedge funds, educational funds have steered clear due to risky nature; new currencies made every day, so it is difficult to know which one will last; will be marginalized until accepted by major institutions; blockchain will likely be adopted in future globally due to security
Business Intelligence System (BI)
decision systems, expert systems, geographical info systems, OLAP (online analytical processing), dashboards; includes AI to make better decisions and drive efficiency; includes data mining for decision systems
Model
abstraction of reality; managers either choose universal model or design their own
Geographic Info System (GIS)
aid for map-related decisions; processes location data; ex: oil drilling location, ATM placement, city planning for police
Components: database of quantitative and qualitative data, database of maps, program that displays info on maps
Web technology that helps promote use of GIS: Google Earth, MapQuest; HTML and XML support presentation of marked maps
Agile Methods
alternative development methods that break product development into smaller increments called "sprints"; more functional-focused and people-focused than waterfall; more adaptable / flexible (feedback from customers and stakeholders); needs heavy team involvement; harder to discern timeline / details about final product while in the process, whereas in waterfall you know what you're going to get and for what price; variability in cost
Agile is like baking without a recipe; Waterfall is recipe-centric
Dashboard
an interface between BI tools and the user; ex: Tableau
Key performance indicators (KPIs): a business' strategic initiatives evaluated to determine the costs, savings, and benefits to be derived from their implementation
It is important to compare captured real data to benchmark or historical values
Distributed Denial of Service (DDoS)
attacker launches a large number of info requests from multiple computers; usually launched from hijacked personal computers called 'zombies'; no definitive cure; site can filter illegitimate traffic
Uninterruptible Power Supply (UPS)
backup power for a short time in case of blackout or brownout
Mediums of sharing and collecting data on the web
blog
wiki: web app that enables users to add to and edit the content of web pages
podcast
instant messaging (IM)
cookie: small file that stores info about a web site visitor, stored on visitor's computer
clickstream tracking: tracks a surfer's clicking activities
spyware: traces and reports online behavior
Expert Systems (ES) (part of AI research)
emulates knowledge of human expert; solves problems; makes decisions in narrow domain
Knowledge Base: collection of facts and relationships, uses inference engine, series of IF-THEN rules
Inference Engine: software that combines data input by user with the data relationship
Intelligent agent: software that is dormant until it detects a certain event, and then performs prescribed action
Case-based reasoning: methodology of solving problem established on previous cases; especially useful in medical decision making
Neural networks: used by more sophisticated ESs; begins with set of rules, but redefines itself based on decision success rate; beneficial in detecting fraudulent transactions and claims
All part of artificial intelligence research
cons: lacks common sense, can't read motions, limited in info on new situations if not updated, costly, usually focused on just one domain
Deep Learning
enabled by neural networks; uses artificial neural networks (imitating a human brain through mini bits of bits or "neurons"); can learn on its own; ex: translating images into texts, adding color to b&w photo, understanding dialects and accents
issue with bias: AI won't correct for bias; if it is fed biased data, it will continue that trend
strong AI
Knowledge Management
knowing where to find info about a subject (component of DSS, ES, and other BI systems); gathering, organizing, sharing, analyzing, and disseminating knowledge to improve performance
purposes: transfer individual knowledge into databases, filter and separate most relevant knowledge, organize for easy access
storage costs continue to decrease; easy to store more info
Applications of AI
machine learning for retail, customer servicing, science
Communications Media
means through which bits are transmitted; tangible & intangible
Knowledge on the Web
organizations can distill customer opinions (on website, Yelp, Google, TripAdvisor) to help learn about products and competitors; some companies have developed software to search this info; ex: Factiva gathers info from over 30,000 sources
Strategies for International Expansion
plan, learn the preferences, translate properly, be egalitarian, avoid cultural imperialism
"think globally, act locally": being sensitive to regional customs and language nuances
Control must be decentralized
Strategic planning should be global, but can be followed with a local flavor
Data Regulation in US
regulated by FTC (Federal Trade Commission)
1970s: Fair Information Practice Principles (FIPP): FTC's guidelines, standard for privacy
2000s: stream of industry-specific data laws; over 200 laws governing data regulation (the "sectoral approach")
FIPP is often criticized by data privacy advocates as not being comprehensive enough, especially compared to Europe.
Some important data regulations by the FTC in this approach include:
- FERPA (1974): Family Education Rights and Privacy Act: Rights governing student records
- HIPAA (1996): Health Insurance Portability & Accountability Act: regulation around health records
- COPPA (1998): Children's Online Privacy Protection: Parental consent must be obtained for collecting information from minors
- CFPA (2010): Consumer Financial Protection Act: emphasizes privacy of collecting consumer information, focusing on deceptive practices that may be used
Bandwidth (Transmission Rate, Bit Rate)
speed at which data is communicated; measured in bits per second
bps: bits per second
Kbps = thousand bps
Mbps = million bps (mega bps)
Gbps = billion bps (giga bps)
Tbps = trillion bps (tera bps)
Broadband: communication medium/media that carry multiple transmissions simultaneously; ex: cable TV, fiber-optic cable, most wireless connections
Data Bait
used to trick hackers and identify them and/or vulnerability points. Think of a fake safe in a house with a hidden video cam and an alarm system.
Honeytoken: a bogus record in a networked database to combat hackers
Honeypot: a server containing a mirrored copy of a database or a bogus database that is less protected than the real DB; educates security officers about vulnerable points
Model Management Module
turns data into useful info; fixed model, dynamically modified model (auto-adjusted based on changing relationships between variables), or collection of models; model used to predict output, often based on mathematical research; models could be industry-specific: ATM placement, airline ticket pricing, car rental pricing, etc.
Linear Regression: gives best-fit linear relationship between two variables; can be translated into a program in a DSS; could be a curve, not only a straight line; models often describe relationship between more than two variables; some DSSs simulate physical environments
Sensitivity Analysis (What-If Analysis): tests degree to which total profit grows or shrinks if one or more factors are changed; indicates relative sensitivity to changes; can work on multiple parameters at once
Dialog Model: part of DSS that allows user interaction with the program; prompts her to select a model and data; allows user to change parameters and see results; displays results in textual, tabular, or graphical format
Data Mining
using data to find relationships that can support decision-making; selecting, exploring, and modeling large amounts of data; includes languages like R, Python; queries more complex than traditional queries
objectives:
1. sequence or path analysis: finding patterns where one event leads to another; ex: where will customer go on website after home page
2. classification: finding whether certain facts fall into predefined groups
3. clustering: finding groups of related facts not previously known; sort of opposite of classification
4. forecasting: discovering patterns that can lead to reasonable predictions
business applications: fraud detection (sequence analysis), customer clustering (clustering), customer churn (forecasting), marketing (classification), interactive marketing (forecasting), trend analysis (clustering), etc.
Hijacking
using some or all of a computer's resources without consent of owner; often done for DDoS attack. Done by installing a bot on the computer. Main purpose is to send spam. Bots usually install email forwarding software
Security Measures
using tools to protect against attacks
1. Data Bait
2. Firewalls
3. Encryption
4. Digital Signatures
5. Digital Certificates
Network Media Acquisition Considerations
• Availability
• Current and potential bandwidth
• Vulnerability to EMI or radio frequency interference (RFI)
Medium: availability, bandwidth, vulnerability to EMI/RFI
Twisted pair: high, low-med, high
Radio wave: high, med to high, low (but vulnerable to radio frequency interference)
Microwave: low, high, low
Coaxial: high, high, low
Optical fiber: moderate, highest, nonexistent
Electrical power line (BPL): very high, high, high